I’m honored. And a Bit Scared.

Yesterday was my first real day as a Senior Solutions Architect for Proact, and today I flew to Oslo for on-boarding and some face-to-face time with my new colleagues over there. By the looks of it, there are a lot of exciting things in the pipeline, and if we land the things we have started on this should be interesting. Very interesting indeed.

In addition to the excitement around changing employers, and roles, some other things have also happened. Firstly, Veeam decided to award me the Veeam Vanguard title for 2016. I had the honour of being one of the inaugural members of this group in 2015, and I’m very happy to be included in the group once more.

Secondly, VMware has announced the list of their EUC Champions for 2016. This program had a “soft-launch” in 2015, but has now gone official in 2016. I’m extremely honoured to extend my membership in this small group in 2016.

Thirdly, a few days ago Issue 1, 2016, of VMUG Compass was published — and that includes an interview with me as well.

It’s been quite a week so far, and it’s only Tuesday. Now, I need to go lay down for a bit…

Migrating from Watchguard Firebox X to XTM Series Firewalls

Watchguard has recently retired their X series of firewalls and replaced them with their new lineup of XTM boxes.

I took this opportunity to replace my X series firewalls with some from the new lineup, and found a neat way to migrate your existing configuration from old to new in a few very easy steps.

Note: Normally I would not recommend migrating your configuration in this manner. In my mind you should always rebuild rules when replacing your firewall, as it is the perfect time to review and do some QA.

Migrating your existing config

I used a laptop to do the actual configuration, to make sure that I didn’t get any conflicts in my production environment when setting up the new firewall with an old config. By default the Watchguard firewalls come with DHCP enabled on eth1 (trusted), and blindly plugging that into your existing infrastructure might not be the best of ideas. Also, remember that the config includes the firewall IP address, and what happens if you have two firewalls with identical IP addresses in your network? Let’s just agree that it’s not a pretty sight.

Step-by-Step Guide

  1. Save your current (old) configuration from your live production firewall
  2. Install latest version of Watchguard System Manager
  3. Activate new firewall and retrieve feature key from watchguard.com
  4. Disconnect laptop from existing production environment, and connect it directly to new XTM firewall on eth1 (trusted)
  5. Run through Quick Setup Wizard on new XTM firewall
  6. Open new config xml file in a suitable editor. I used Notepad++
  7. Find the lines that read <for-model>x700</for-model> (your model might differ)
  8. Replace x700 with XTM820 (again, your model might differ) and save config file with new name
  9. Connect Watchguard System Manager to new firewall and start Policy Manager
  10. Open freshly edited config file and save to firebox (if prompted to convert config file to new format, do so)
  11. Add new feature key
  12. Save to firebox

And there it is. All existing configuration migrated from an old Watchguard X series firewall to a new and shiny XTM series.

You should now be able to do a quick switch between new and old firewalls and all your services should be available immediately. If not, you can always just revert to the old firewall and troubleshoot the new one.
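
Steps 6 to 8 can also be scripted so that only the `<for-model>` lines change and the saved original config stays untouched. This is an added example, not part of the original post or of Watchguard's tooling; the sample config, every element name other than `<for-model>`, the function names and the UTF-8 encoding are assumptions.

```python
import difflib
import re

# Constructed sample. Only <for-model> comes from the post; the other
# element names are placeholders, not the real Watchguard schema.
SAMPLE_OLD_CONFIG = """<?xml version="1.0"?>
<profile>
  <for-model>x700</for-model>
  <placeholder-policy name="allow-web">
    <for-model>x700</for-model>
    <note>model x700 mentioned in free text stays untouched</note>
  </placeholder-policy>
</profile>
"""

FOR_MODEL = re.compile(r"(<for-model>)\s*([^<]*?)\s*(</for-model>)")


def retarget_model(config_text, old_model, new_model):
    """Rewrite <for-model> values equal to old_model; return (text, count)."""
    count = 0

    def swap(match):
        nonlocal count
        if match.group(2).lower() != old_model.lower():
            return match.group(0)  # a different model: leave as-is
        count += 1
        return match.group(1) + new_model + match.group(3)

    return FOR_MODEL.sub(swap, config_text), count


def unexpected_changes(before, after):
    """Return changed lines that are not <for-model> lines (should be empty)."""
    diff = list(difflib.unified_diff(before.splitlines(), after.splitlines(),
                                     lineterm="", n=0))[2:]  # skip file headers
    return [line for line in diff
            if line.startswith(("+", "-")) and "<for-model>" not in line]


def migrate_file(src_path, dst_path, old_model, new_model):
    """Read the saved config and write the retargeted copy under a new name."""
    with open(src_path, encoding="utf-8", newline="") as handle:  # assumed UTF-8
        before = handle.read()
    after, count = retarget_model(before, old_model, new_model)
    if count == 0:
        raise ValueError(f"no <for-model>{old_model}</for-model> lines found")
    if unexpected_changes(before, after):
        raise RuntimeError("edit touched lines other than <for-model>")
    with open(dst_path, "w", encoding="utf-8", newline="") as handle:
        handle.write(after)
    return count
```

Running a diff between the saved original and the edited copy before step 10 gives the same assurance when the edit is done by hand: every rule should be byte-for-byte identical apart from the model lines.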